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(57) Abstract 

A computationally efficient method for trusted and dynamic dissemination of digital objects. Related digital objects of various types 
are grouped, based on their usage and ftmctionality, by an infonnation provider into distribution packages. Trustworthin^ of objects 
contained in a distribution package are certified by a trusted certification authority in tfic form of a certificate which consists of a body and 
the certification authority's signature on the body based on a public-key digital signature scheme. The body fiirthcr consists of the name of 
the infonnation provided; name of the distribution package; and type, safety checking fiag, and digest of each and every object. It ui used by 
end users to verify the tnist criteria of any individual or any subset of objects specified by the package. To verify whether a received object 
meets trust criteria certified by the certificate, the end user computes the digest of the <rt>ject. compares it widi die conespondmg digest 
in the certificate, and examines the type and safety checking flag of the object contained in the certificate. The end user can dynamically 
download additional objects, check their trustworthiness without having to verify the certificate multiple times. 
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COMPUTATIONALLY EFFICIENT METHOD FOR TRUSTED AND 
DYNAMIC DIGITAL OBJECTS DISSEMINATION 



5 FIELD OF THE INVENTION 

The present invention relates to the field of data processing and digital 
communication, and in particular, to a method for trusted and dynamic 
dissemination of digital objects which is computationally efficient. 

10 

BACKGROUND OF THE INVENTION 

Distribution of digital objects, or objects in short-whether be it text, 
graphics, animation, video, audio or software (such as source code or 

15 machine code) written in various programming languages-in magnetic, 
electronic, optical or any other medium is becoming popular. However, 
because such objects are in digital format, they are susceptible to third-party 
tampering which is difficult to detect. In many situations it is necessary for an 
end user to check an object received froni another party, called information 

20 provider in the present inveintion, against certain trust criteria before 
accepting and using the object. Trust criteria may include authentication of 
date of creation, originality, integrity, type, and usage safety of the object. . 

Most of the current practices in digital information dissemination do not 
provide end users with means of reliably checktrig, whether an object rjieets 

25 certain trust criteria. Popular but very dangerous; ytfays of distributing software 
over Internet are downloading software files using file, transfer, protocol or 
electronic mail. Malicious attacker may modify tine software or replace if with 
malicious software during transit. Malicious attacker may even post malicious 
software on a newsgroup or on a compromised machine. When the softwai-e 
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is downloaded and run at an end user's machine, it has all the access rights 
entitled to the user. For example, the malicious software may be designed to 
read user's private files and send them to a designated network address. The 
malicious software may also infect the user's system if it contains a virus or 
5 network worm. 

The danger of un-checked software distribution is aggregated with the 
advent of new programming language environments which allow for 
architecturally neutral code to be dynamically loaded and run on a 
heterogeneous network of computers such as the Internet. In such an 
10, environment, a user's machine may dynamically download executable digital 
• objects from various information providers and execute them locally. Without 
proper checking on such executable digital objects, it is like opening the door 
and inviting crimes to one's house. 

In response to this problem a method for trusted software digital object 
15 distribution has been developed, and is published in Aviel D. Rubin, "Trusted 
distribution of software over the Internet", pp. 47-53, Proceeding of the 
Symposium on Network and Distributed System Security, February 16-17, 
1995. San, Diego. California, This method relies on a trusted third party, 
. . called certification authority, to certify the onginality and integrity of a software 
20 object wherf each individual object produced by an information provider is 
issued a separate certificate. In this method, an author. A, of a program 
registers a public key, Kpub, with a trusted third party. T. T verifies the 
registration infonnation by calling A on the telephone. To distribute a file, A 
sencls a signed message using a private key, Kpn, associated with Kpub. to T 
25 : containing the hash, of the file, H, and other relevant information. T issues a 
signed certificate containing the name of the file and its hash value. When A 
receives the certiticate. he stores it along with the file. This certificate is sent 
whenever a user retrieves the file. The user then uses the certificate to verify 
the integrity of the file. 
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This method suffers from the fact that each time a digital object is 
downloaded, the corresponding certificate must be downloaded as well and 
verified by the end user. Certificate verification is a computationally Intensive 
process requiring much processing time. Not only is this' method 
5 computationally costly but it introduces additional delays in code execution 
which may be un-acceptable in certain applications. Furthermore, this prior 
art scheme Is restrictive In that it only provides authentication on the object's 
originality and Integrity: no authentication on the usage safety of objects is 
provided. 

10 Hence it would be highly desirable to 'have method for trusted 

distribution of'digital objects which is substantially faster and' computationally 
efficient/and which provides authentication on the object's usage safety, as 
well as on its originality and integrity. 

15 OBJECT OF THE INVENTION 

It is therefore, the object of the invention to overcome the shortcomings 
described above, and provide a' method for 'trusted distribution of digital 
objects which is computationally efficient, and" which provides authentication 
20 on the object's usage safety, as well as on its originality and integrity. 

SUMMARY OF THE INVENTION 

The present invention is a method for trusted and dynamic 
25 dissemination of digital objects. Related objects of various types are 
grouped, based on their usage and functibriallty. by an infomriation provider 
into distribution packages! Trust criteria of an object ihclude authentication of 
Its originality, integrity, type, and optionally, usa^e safety. Trustworthiness of 
objects contained In a distribution package are certified by a trusted third 
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party, called certification authority, in the form of a certificate, The certificate 
consists of a body and the certification authority's signature on the body 
based on a public-key digital signature scheme, The body further consists of 
the name, of the information provider; name of. the distribution package; and 
5 type, safety checking flag, and digest of each and every object. The certificate 
above can be made available by an information provider to end users either 
on line or off line. It is. used by end users to verify the trust cnteria of any 
individual or any subset of objects specified by the package. 

When an . end . user intends , to download objects in a distribution 
0 package ffrom an information provider, the end user downloads the certificate 
■■■■ of the package and then verifies its .validity. If the certificate is verified, the end 
user then downloads objects specified in the package interactively or via 
some other means. To verify whether a received object meets trust criteria 
certified by the certificate, the end user simply computes the digest of the 
5 object and compares it with the, corresponding digest in the certificate, and 
examines the. type and safety checking flag of the object contained in the 
certificate. The end user can dynamically download additional objects, check 
their trustworthiness without having to verify the certificate multiple times. 

D. BailF .DESCRIPTION OF THE DRAWINGS 

• FIG. 1 is a model of digital objects certification and dissemination. 

FIG. -2 shows the steps an information provider requests and obtains a 
certificate of a distribution package from a certification authority. 
> FIG. 3 illustrates :a possible logical structure of a certification request 

(CR) according to the preferred embodiment of the present invention. 

^ FIG. 4 shows the flow diagram of a certification request generating 
program (CRGP) used in the preferred embodiment of the present invention. 
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FIG. 5 illustrates a possible logical structure of a certificate (CERT) 
issued by a certification authority in accordance to the preferred embodiment 
of the present invention: 

FIG. 5 shows the flow diagram of a certificate generating program (CGP) 
5 used in the preferred embodiment of the present invention. 

FIG. y illustrates the flow diagram of an information provider, certificate 
verification program (IP_CVP) used in the preferred, embodiment of the 
present invention. 

FIG. 8 shows the steps an end user verifies the certificate of a 
10 distribution package and accesses objects specified in ..the package 
dynamically in accordance to preferred embodiment of the present invention. 
- '. ' FIG. 9 illustrates the flow diagram of an end user certificate verification 
program (EU_CVP) used in the preferred embodiment of. the present 
invention. 

15 FliG. 10 illustrates the flow diagram of a checking object acceptability 

program (COAP) used in the preferred embodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVEMTBON 

20 A method for truited antf dynamic disseminatiiDh of digital.: objects, or 

objects for short, is described. In the following description, numerous specific 
details are set forth such as logical structures of digital information and 
prograrri steps, etc. in order to provide a thorough understanding of the 
present invention. It will be' obvious to one skilled in the art that the present 

25 inverition may be practised without these specific details. In other instances, 
well known steps as those involved in generation of public key and private 
key. generation and verification of digitar signatures, and computing digest of 
an object using a secure one-way hash function are: left out to avoid 
obscuring the present invention. 
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The detailed description with respect to trusted and dynamic 
dissemination of digital objects is presented partially in terms of algorithm 
and symbolic representation upon operation on data bits within the computer 
memory. These algorithmic descriptions and representations are the means 
5 used by those skilled on the art of data processing to most effectively convey 
the substance of their work, to others skilled in the art. 

An algorithm is here, and generally, conceived to be a self-consistent 
sequence of steps leading to a desired result. These steps are those require 
physical manipulation of physical quantities. Usually, though not necessarily, 
10 these quantities take the form of electrical or magnetic signals capable of 
being stored, transferred, ccnnbined. and othenA/ise manipulated. In this case, 
the physical quantities are voltage cr current signals which correspond to the 
digital objects/information being distributed. It proves convenient at times. 
. principally for reason of cpmmon usage, to refer to these signals as bits, 
15 values, elements, symbols, characters, terms, fields, numbers or the like. It 
should be borne in mind, however, that all of these and similar terms are to 
be associated with the appropriate physical quantities and are- merely 
convenient labels applied to these quantities. 

Furthermore; the manipulations performed are often referred to in terms 
20 such as adding or comparing, which are commonly associated with the 
mental operations performed by a hurnan, operator. No such capability of a 
human operator is necessary, or desirable. In most cases, in any of the 
: operations described herein which form part of the presient invention, the 
operations are machine operations. Useful machines for performing the 
.25: operations of the present invention include general purpose digital 
computers or similar devices such as digital signal processors. In all cases, it 
should be borne in mind that there is a distinction between the method 
operation in operating ^ computer or other apparatus and the method of 
computation itself. 
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The present invention relates to methods for trusted and dynamic 
distribution of digital objects/information. These rnethods will be described in 
specific steps of nhahipulating information. For one skilled in the art. it should 
be obvibus that some of these steps shall be best automated by, for example, 
5 implementing them as a special purpose software, which is usually called a 
server, running on general purpose computers. It should be clear that an 
information provider could simultaneously instantiate multiple executions of 
the server to serve multiple end users; It should also be clear that there may 
exist multiple certification authorities." Fbr' example, there may be one 

10 -certification autfiority per organization'. > , . . . r, ^ • 

The present invention also felMes to an apparatus ^^.f^^^ 
operations. This apparatus may be specially constructed for the required 
purpose or it may comprise a general purpose computer as selectively 
activated or reconfigured by a computer program stored in the computer. The 

1 5 algorithms presented herein are not inherently related to any particular 
computer or other apparatus. In particular, various general purpose 
machines may be used with programs, •written in accordance with the 
teachings herein, or it may prove more convenient to construct specialized 
apparatus such as digital signal processor to perform the required method 

20 steps. The required structure for a variety of these machines would appear 
from the description given below. ! 

' A general model for the trusted distributiort'^'scheme of digital objects is 
shown in FIG. 1. Here the information provider' 10 refers to a . supplier of 
objects to the end user 40. A digital object has an identifier and is a solf- 

25 contained entity. There can be various typiBs of objects including, but not 
restricted to. text, graphics/'' animatiohr-video, audio, software, or any 
combination thereof. The transmission channel 20 represents the means and 
more specifically the media through which communication messages are 
exchanged among the information provider 10. the certification authority 30, 
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and the end user 40. Such messages include certificate request from the 
information provider JO to the certification authority 30 and certificate from the 
. certification authority 30 to the information provider 10 over paths 15 and 25, 
and object request from the end user 40 to the information provider 10 and 
5 requested objects from the information provider 10 to the end user 40 over 
paths 15 and 35. The transmission channel 20 includes but is not limited to 
any communications means or media such as computer networks, radio 
links, satellite links, diskettes, or other storage medium. 

For clarity of presentation, the description below will elaborate on a 
1.0 .model having, one information provider, one certification authority, and one 
. . end, user. However, it ^should be understood that multiple providers, 
certification authorities, and end users are possible, and, in most instances, 
would be-the likely scenario. It should also be understood that the end user 
may be in the role of information provider with respect to other users. 
15 The preferred embodiment. of the present invention utilizes the public- 

key digital signature scheme to authenticate the integrity of the digital objects 
. : and the inforrnation provider. But it should be understood by those skilled in 
^- . the art that the computational. efficiency achieved by the present invention is 
not limited only to those systems of digital object dissemination which are 
20 . based on public-key digital signature, scheme. However, as a way of fully 
^ disclosing the way to make and use. the preferred embodiment of the present 
invGintion, the . public-key digital signature schen^e, which is wejl known to 
those skilled in the art, and its role in the present invention will be discussed 
in detail. 

,25. , The information provider 10 referred to in FIG. 1, groups digital objects 
into distribution packages based on their usage or functionality. The end user 

40 may desire to access any individual object or any subset of objects in a 

package at- different times. However, the end user may not trust the 
information provider in providing trusted. objects. The end user may also not 
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trust the path 15. the transmission channel 20. and path 35 to reliably deliver 
objects. A trusted object is an object which meets certain prei-defined trust 
criteria including atlitheHticity of object originality and integrity, and guarantee 
of safety (such as virus-free guarantee) in using the object. The certification 

5 authority 30 is responsible for certifying objects meeting the pre-defined tmst 
criteria! it is assumed that the end user trusts the certification authority in 
making correct statements about tKe objects It certifies. 

Prior to the distribijtion of any digital objects, the information provider 
registers itself to the certification authority: During this registration process. 

10 the information provider authenticates itself to the certification authority by 
whatever means as required By the certification authority. The infoirtiation 
provider agrees to the terms of' M certification service' contract: Such a 
contract contains at a minimurh the identities, addresses of both the 
information provider and the certification authority; and the kind of safety 

15 checking (such as virus detection and network worm^ detection) to be 

'■si 

performed by the certification k'utHbrity on each type of objects. It may also 
contain the public keys of the informatioii'.firovider arid the certification 
authority, respectively. These keys afe selected by the respiective party based 
on a certain public-key digital signature system (PKDSS). ' 

20 A party, say X. in a PkbSS Has a private key XSK and a public key XPK. 

where the jirivate'key is kept secret to party X only and the publifc^k^y can be 
made known to everyone like a telephone number in telephone directory. A 
PKDSS has the property that, given knowledge of the public key; it is not 
feasible to determine the corresponding private key. The private key XSK is 

25 used by X to generate a digital signature, or signature for short, on a digital 
message. Such a digital signature on digital message serves more or less the 
same purpose as that of a hand written signature on paper document does. Let 
M_Sg = S{XSK. HM) denote X's signature on a message M, where S(...) is the 
sigriatufe generating function with XSK arid HM as its inputs, HM is the digest 
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of M which is normally the output of a secure one-way hash function h(.) with M 
as the input. To verify party X's signature M_Sg on a message M, both the 
signature and possibly the message must be made available to the verifying 
party. 

5 Upon receiving M_Sg and possibly M, any party with knowledge of X's 

public key XPK can verify X's signature M_Sg on the message M. The party 
first computes HM* = V(XPK, M_Sg), where V(,. .) is the signature verification 
function with XPK and M_Sg as its inputs. The party then computes digest 
. HM" of the received M based on h(.). If M_Sg is indeed X's signature on M 
.10 and.if.the signature and the message were not modified in transmit, then HM* 
, = ,HM"Jsince they both equal to HM). In this case, the signature M_Sg on M 
is verified; otherwise, it is not verified. In the former case, the party is certain 
that the message M came from X - authentication of the message originality, 
and that the. message M and the signature M_Sg were not modified duhng 
15 transmission : authentication of message integrity. In the present invention, 
the information provider has a private key IPSK kept secret to itself and a 
corresponding public key IPPK made available to the certification authority. 
Similarly, the certification authority has a public key CAPK made available to 
everyone and a private key CASK kept secret to itself. For further references 
20 on PKDSS and secure one-way hash functions, see D. E. R. Denning, 
Cr/ptography and Data Security, Addition-Wesley, Reading, MA, 1983. Also 
see W. Stallings, Network and Internetworks Security - Principles and 
Practice, Prentice Hall, Englewood Cliffs, NJ, 1995. 

The certification authority must publish its public key CAPK and its 
2.5 certification services .to all end usersjn an authentic manner. Certification 
services include types of objects it certifies, and what kind of safety checking 
: . . .it performs or each type of objects. 

FIG. 2 is a block diagram generally illustrating the steps in which the 
information provider requests and olDtains a certificate of a certain distribution 
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package of digital objects after the information provider has registered itself 
with the certification authority. FIGS. 3 through 7 describe in detail the 
process used in ekciS of the steps generally described in RG. 2. FIGS. 8-10 
describe a process by which the users verify the integrity of the received data 

5 using the certificate received from the information provider. 

In FIG. 2. the information provider prepares a certificate request (CR) 
message for a given distribution package and send the CR to the certification 
authority in step 50. The CR generated from CRGP in step 50 Is sent to the 
certification authority. Upon receiving the CR. the ceillficatioh authority 

10 generates a certificate (CERT) using a certificate generating program (CGP) 
in step 100. The CERT generated by CGP in step TOO is received and 
verified by the information provider using an information provider certificate 
verification program (IP.CVP) in step 150. The outcome of the IP.CVP. in 
step 150 can be e.ther "Not verified" or "Verified". In the fomner case, the 

15 received CERT is rejected: While in the latter case, the CERT is stored in a 
database (possibly together with the package it certifies) or published to end 
users. 

FIG. 3 illustrates the logical structure of CR which is prepared in step 50 
of FIG. 2. The logtcai structure of the CR comprises a CR body (CR_By) 52. 

20 an optional need-safety-ch^cking^objects field (NSCO) 66. and the 
information provider's signature (CR_Sg) 68 on CR_By and NSCO under the 
private key IPSK. The CR.By flirther comprises a plurality of fields: name of 
the information provider (IP.Narne) 54. the postal/network address of the 
information provider (IP.Adrj 56. the name of the package (PA.Name) 58 to 

25 be certified, the desired validity period (VPf 60 ^6f the requested certificate, 
the number of objects (I) 62 cbntained in t»ie package in question, and the set 

of I object infomiation (Oil. OI2 Oli. Oil) 64. The PA.Name 58 further 

comprises a package identifier (PAID) 70. used to uniquely identify the 
package within the domain of the information provider, and a package 
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version number (PAV) 72. The VP 60 refers to a specified time period within 
which the requested certificate is valid. The Oil in 64 relates to the ith object 
(Oi) and consists of the identifier (OlDi) 74, type (QTi) 76, safety checking flag 
' (SCFi) 78, and digest (Hi) 80 of Oi. The QIDi 74 uniquely identifies Oi within 
5 the package, the QTI 76 is the type Oi belongs to, the SCFi 78 is a Boolean 
variable taking value either "ON" or "OFF", and the Hi 80 isihe digest of Oi. 
The SCFi = "ON" indicates that safety of object Oi need be checked by the 
certification authority. Safety checking normally applies to software objects 
only. The specific kind of safety checking (such as virus detection) depends 
1 Q on the type of the object in question. |f SCFi = "OFF", then no safety check is 
> requested by the information provider on object Oi. The digest Hi is computed 
as the output of a pre-defined secure one-way hash function with the object 
Oi as its input. The NSCO 66 contains all those objects whose safety flags 
take the value "ON". = 
.15 FIG. 4 is the flpw diagram of a certificate request generating program 

(CRGP) used in step 50 of FIG., 2 to prepare and send the certificate request 
, (CR) by the information provider In step 84, for all object indexes i from 1 to I, 
the. digest. of object Oi is generated, and Oi is included in the NSCO 66 and 
SCFi is set to "ON" if safety checking on Oi is required: othenA^ise SCFi is set 
20 -tO'"OFF".: Next, the CR_By 52 is created in step 88 by concatenating the 
IP»Name 54JP_,Adr 56, PA_Name 58, VP 60, I 62 and 64. The information 
provider's signature CR_Sg 68 . on CR.By 52 and NSCO .66 is computed 
, under the private key IPSK in step 90. The completed CR is sent to the 
, : ; certification authority 30 in step 94. 

.25 FIG. 5 shows a logical structure of CERT which is generated in step 100 

of FIG. 2. It consists of a certificate body (CERT_By) 110 and the certification 
authority's signature (CERT_Sg)^120 on CERT_By under the private key 
CASK. The CERT„By llOJurther comprises the name (CA.Name) 112 and 
the address (CA_Adr). 114 of the certification authority, a time-stamp (TS) 
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116. and the CR_By 52 which is copied exactly from the received CR. The TS 
1 16 is the time and date the certificate is issued. 

FIG. 6 is a flow diagram illustrating the steps of a certificate generating 
program (CGP) used by the certification authority 30 to verify the Incoming 
5 CR and to gener^ate the CERT in step 100 of FIG. 2. The certificate request 
CR produced in step 50 in FIG. 2 is received in step 122. The CGP checks to 
see if the party named by IP_Name is a registered information provider in 
step 123. If it is not registered, the program termihates; otherwise, the 
program fetches the public key 'IPPK from the information provider's 
0 registration record and then verifies the signature CR^Sg using IPPK in step 
124. If the signature is not verified; the CGP stops and appropriate' actions 
are- taken by the certification authority: A detailed description of those actions 
is beyond the scope of the preseht invention/however. 

In general though, there are two possibilities for an invalid signature: (1) 
5 the message and the signature were modified either intentionally or 
otherwise during transit, or (2) the signature is generated under a key other 
than IPSK. Both outcomes are detected by the CGP in step 124. Assuming 
tfiat the signature CR_Sg is verified in step 124, the object index i is set to 1 
in step 126, the value of SCFi is re^d fronri the received CR and it is checked 
20 to see that whether the value of SCFi is "ON". If it is "ON", the CGP reads 
object Oi from the NiSCO part of the received CR. computeis its digest Hi' in 
step 130. ahd compares the riewiy computed digest with the digest Hi read 
from CR in step 132. If the two do not match, the pi-ogram terminates. The 
mismatch occurs when the Hi supplied by the infomiation provider is not the 
25 digest of Oi. This may happen when the ihfornriation provider either 
intentionally or by mistake sends the wrong information. 

Assuming now that Hi' matches Hi. the CGP checks the safety feature of 
Oi according to the object type OTi in step 134. If the object fails the check, 
the program stops. If Oi passes the safety checking or if the outcome in step 
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128 is "No", the present invention compares the current object index i with the 
total number of objects I in step 136. If i is less than I. i is increased by 1 in 
step 138 and the program goes back to step 128. Assuming that i = I. then the 
present invention forms the certificate body CERT_By 110 in step 140 by 
5 concatenating the CA_Name 112, CA_Adr 114..TS 116. and CR_By 52, 
where CR_By is copied from the received CR. The certification authority's 
signature CERT_Sg on CERT .By is generated under the* private key CASK 
in step 142. The completed CERT is then sent to the information provider in 
step 144. 

10 FIG. 7 illustrates a flow diagram of the. inforrriation provider certificate 

. verification program (IP_CVP) used by the infprniation provider in step 150 of 
FIG. 2. The certificate CERT is firsit received in step 154. The signature 
CERT_Sg is read from the received CERT and verified in step 158 using the 
certification authority's public key CAPK. Next, the CR_By is read from CERT 
15 and compared with the CR_By in CR sent by the information provider in step 
50. Then the CA_Narr?e, CA_Adr. and TS are read from CERT and checked 
to see if they are as expected. -If the-outcome in step 158 is "Not verified" or if 
the outcome in either steps 160 or 164 is "No", then a condition of "CERT not 
verified" is indicated in step, 166. Only when the received CERT passes all 
20 the checks, then a condition of "CERT, verified" is indicated in step 168. 

FIGS. 8-10 illustrate the manner in which the end user accesses and 
• verifies the certificate (CERT) prepared as described above, as well as the 
manner in which the end user accesses and evaluates digital objects 
contained in the certified package. In FIG. 8. the end user requests the CERT 
25 of a distribution package in step 270. The CERT is received and verified in 
- step 280 using the end user certificate verification program (EU_CVP). If the 
outcome of step 280 is CERT "Not verified", the end user terminates its 
program. On the other hand, if the outcome of step 280 is CERT "Verified", the 
end user requests an object, say the ith object Oi, specified in the package in 
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question from the information provider in step 310. The object is then 
received and checked for acceptability using a simple checking object 
acceptability program (COAP) in step 320. If the outcome of COAP in step 
320 is object Oi "not acceptable" then the object is rejected in step 335; 
5 otherwise, the object is accepted in step 340. In either case, the present 
invention checks in step 350 to see if more objects are needed from the 
drstributibn package. If more objects are needed, the present , invention 
repeats the steps described above starting from step 310; otherwise, the 
program terminates. 

10 FIG. '9 shows a flow diagram of the end user certificate verification 

' program (EU_CVP) used in step 280 bf FIG; 8 to verify the CERT.. In step 284. 
the EU_CVP receives CERT fronri the informatitin provider. The EU_CVP then 
verifies the signature CERT_Sg in thfe CERT using the certification. authority's 
public key CAPK. If the signature is hot verified, a condition of "CERT not 
1 5 verified" is indicated in step 298] Assuming that the signature is verified, the 
EU.CVP in step 290 reads CA_Nlame; CAiAclr.^ and ST to see if they are as 
expected. If the outcome is "No", the conditidh that ''CERT not verified" is 
raised in step 298: othenwise. the EU.CVP reads and checks the validity 
period VP of the CERT in step 294. If the CERT is not expired, the EU_CVP 
20 reads and checks the correctness df IP.Name. IP.Adr; and RA_Name in the 
CERT. If the answer is "Yes"; the EU.CVP decides thdt the CERT is verified in 
step 300. If the outcome in step 294 Is "Yes" or the outcome in step 296 is 
"No" the EU_CVP raises the condition of "CERT not verified"-in step 298. 

FIG. 1 0 illustrates the flow diagram of the checking object acceptability 
25 program (COAP) used in step 320 of FIG. 8.:The COAP computes the digest 
Hi' of the received object Oi in step 322. The outcome of step 322 is used as 
input to step 324 where the newly computed digest Hi' is compared with the 
digest Hi found in the CERT. If there is no match, the object Oi is labeled as 
•not acceptable" in step 328. If there is a match, however, the COAP fetches 
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the values of OTi and SCFi from the CERT and checks them to see if they are 
as required in step 326. If the answer is "Yes", the object is labeled as 
••acceptable" in step 330; othenwise, the object is marked as "not acceptable" 
in step 328. 

5 It should be understood by those skilled in the art that the above method 

is presented here as a way of illustrating the preferred method of making and 
using the invention, and should not bq construed as being the only way. 
Hence, various modifications, additions and substitutions are possible for the 
invention described herein, without departing from the scope and spirit of the 

10 invention as disclosed in the accompanying claims. 
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CLAIMS 



We Claim: 



1. 



In a system for dissemination of digital objects over a transmission 
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channel, said system including at least one information provider, end user, 
arid trusted third party, a method for providing trusted and dynamic 
dissemination of digital objects comprising the steps of: 

a) registering the information provider with said trustiBd third party 
prior to distribution of any digital objects; 

b) grouping digital objects into distribution packages by the 
information provider; 

c) providing a certificate request by the information provider to the 
trusted third party, said certificate request including a certificate request body 
and a field for verifying integrity of contents of said body, said body including 
information provider identification fields for providing infomnation to uniquely 
identify the information provider, package identifying field for uniquely 
identifying a distribution package, object information fields for uniquely 
identifying each of a plurality of digital objects in the distribution package, 
said information fields including a digest of each of said digital objects, said 
digest being computed as an output of a predetermined secure one-way 
hash function with said object as its input; 

d) verifying said certificate request by the trusted third party using 
predetermined criteria; 

e) providing a certificate to the information provider by the trusted 
third party if the predetermined criteria in step d) are met, said certificate 
including a certificate body and a field for verifying integrity of contents of said 
body, said body including a trusted third party's identification field for 
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25 uniquely identifying the taisted third party, a time stamp indicating issue date, 

26 and said certificate request body; 

27 f) rejecting the certificate request if the predetermined criteria of 

28 step d) are not met; 

29 g) verifying said certificate from step e) by the information provider 

30 using predetermined criteria; 

31 ^) storing said certificate if said predetermined criteria in step g) 

32 are met; 

33 .1) rejecting said certificate if said predetermined criteria in step g) 

34 are not met; 

35 j) accessing said certificate from step h) by an end user before 

36 accessing any of said digital objects; 

37 k) verifying said certificate by the end user using predetermined 

38 criteria; 

39 I) ^ rejecting said certificate if said predetermined criteria in step k) 

40 are not met; 

41 m) accessing a digitgLl object from the distribution package if the 

42 predetermined criteria in step k) are nriet; 

43 n) computing a digest as an output of said predetermined secure 

44 one-way hash function with said accessed digital object from step m) as 

45 input; 

46 . o) cprnparing said digest from step n) with the digest of the digital 

47 object from the object information fields in the certificate; 

48 p) rejecting said digital object if the compared digests in step o) are 

49 not identical; and 

50 q) accepting said digital object if the compared digests in step o) 

51 are identscal; , 

52 whereby said trusted third party can authenticate all digital objects in 

53 the distribution package and issue a single certificate certifying all of said 
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54 digital objiBCts, and said end user can verify trustworthiness of each of said 

55 digital objects in the single certificate and access any of the digital objects in 

56 the distribution package at user's discretion. 

1 2. The method as recited in claims 1 wherein said distribution packages 

2 are grouped based on their usage and functionality. 

1 3. The method as recited in claim 1 wherein said certificate request further 

2 includes a field for validity period of the requested certificate to be issued by 

3 a trusted third party. 

1 4. The method as recited in claim 1 wherein isaid infonnation provider 

2 identification fields include the name of the information provider and the 

3 network addr^^ss of the information 

15. In a system for dissemination of digital objects over a transmission 

2 channel, said system including at lieast one information provider, end user, 

3 and trusted third party, a computationally efficient method for providing 

4 trusted and dynanriic dissemination of digital objects comprising the steps of: 

5 a) registering the information provider with said trusted third party 

6 prior to distribution of any digital objects using a public key digital signature 

7 scheme, said scheme including an information provider's public key and 

8 private key, said public key being made known to the trusted third party in an 

9 authenticated manner and said private key being secretly known only to said 

1 0 information provider, said private key being used by the information provider 

11 to generate a digital signature, said public key being used to verify said 

12 digital signature by the trusted third party; 

13 b) grouping digital objects into distribution packages by the 

14 information provider; 

15 c) providing a certificate request by the information provider to the 

1 6 trusted third party, said certificate request including a certificate request body 

17 and a digital signature on said certificate request body under said information 

1 8 provider's private key based on the public key digital signature scheme, said 
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19 certificate request body including said information provider's identification 

20 fields for uniquely identifying the information provider, package identification 

21 fields for uniquely identifying a distribution package, object information fields 

22 for uniquely identifying each of a plurality of digital objects in the distribution 

23 package, said object information fields including a digest of each of said 

24 digital objects, said digest being computed as the output of a predetermined 

25 secure one-way hash function with said object as its input; 

26 d) verifying said certificate request by the trusted third party using 

27 predetermined criteria; 

28 e) providing a certificate to the information provider by the trusted 

29 third party if the predetermined criteria in step d) are met: said certificate 

30 comprising a certificate body and a digital signature on the said certificate 

31 body under the trusted third party's private key based on a predetermined 

32 public key digital signature scheme, said certificate body including the trusted 

33 third party's identification fields for uniquely identifying the trusted third party, 

34 a time stamp indicating issue date, and said certificate request body; 



35 f) rejecting the certificate request if the predetermined criteria of 

36 step d) are not met; _ < 

37 g) verifying said certificate from step e) by the information provider 

38 using predetermined criteria; 

39 h) storing said certificate if, said predetermined criteria in step g) 

40 are met; 

41 i) rejectirig said certificate if said predetermined criteria in step g) 

42 are not met; 

43 i) accessing said certificate from step h) by an end user before 

44 accessing any of said digital objects; 

45 k) verifying said certificate by the end user using predetemiined 

46 criteria; , , . 
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47 I) rejecting said certificate if said predetermined criteria in step k) 

48 are not met; 

49 m) accessing a digital object from the distribution package if the 

50 predetermined criteria in step k) are met; 

51 n) cbmputing a digest as output of said predetermined secure 

52 one-way hash function with said accessed digital object from 

53 step m) as input; 

54 o) comparing said digest from step n) with the digest of the digital 

55 object from the object information fields in the certificate; 

56 p) rejecting said digital btjject if the two digests in step o) are 

57 not identical; and 

58 q) accepting said digital object if the two digests in step b) are 

59 identical; 

60 whereby said trusted third party can authenticate all digital objects in 



61 the distribution package and issue a single certificate certifying all of said 

62 digital objects, and said end user can verify the trustworthiness of each of 

63 said digital objects in the single certificate and access any of the digital 

64 objects in the distribution package at user's discretion. 



1 6. The method as defined in claim 5, wherein said verification of a 

2 certificate request by the trusted third party comprising the steps of: 

3 a) verifying that identity of the information provider contained in said 

4 certificate request corresponds to a registered information provider and that 

5 said inforrhation provider's public key is still valid; and 

6 b) verifying said information provider's signature contained in said 

7 certificate request using the information provider's public key, 

1 7. The method as recited in clairti 5, wherein saiid verification of a 

2 certificate by the information provider in step g) coriiprising the steps of: 

3 a) verifying the identities of the information provider and the trusted third 

4 party contained in said certificate; 
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5 b) verifying that the validity period has not elapsed; and 

6 . c) verifying said trusted third party's signature contained in said certificate 

7 using said trusted third party's public key. 

1 8. The method as recited in claim 5, wherein said verification of a 

2 certificate by the end user in step k) comprising the steps of: 

3 a) verifying the identities of the information provider and the trusted third 

4 party contained in said certificate; 

5 b) verifying that the validity period has not elapsed; and 

6 c) verifying said trusted third party's signature contained in said certificate 

7 . using said trusted third party's public key. 

1 9. In a system for dissemination of digital objects over a transmission 

2 channel, said system including at least one information provider, end user, 

3 and trusted third party, a cornputationally efficient method for providing 

4 trusted and dynamic dissemination of digital objects comprising the steps of: 

5 a) registering the information provider with said trusted third party 

6 prior to distribution of any digital objects using a public. key digital signature 
.7 scheme, said scheme including an information provider's public key and 



8 private key. said public key being made known to the trusted third party in an 

9 authenticated manner and said private key being secretly known only to said 
1 0 infomiation provider, said private key being used by the information provider 
111 to generate a digital signature, said public key being used to verify said 

1 2 digital signature by the trusted third party; 

13 b) grouping digital objects into distribution packages by the 

14 information provider; 

15 c) providing a certificate request by the information provider to the 

16 trusted third party, said certificate request including a certificate request body 

17 and a digital signature on the said certificate request body under said 

18 information provider's private key based on the public key digital signature 

19 scheme, said certificate request body including said information provider's 
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20 identification fields for uniquely identifying the infomnation provider, package 

21 identification fields for uniquely identifying a distribution package, object 

22 information fields for uniquely identifying each of a plurality of digital objects 

23 in the distribution package, said object infomnation fields including a digest of 

24 each of said digital objects, said digest being computed as the output of a 

25 predetermined secure one-way hash function with said object as its input; 

26 d) verifying said certificate request by the trusted third party by 

27 verifying that the identity of information'prdvider contained in said certificate- 

28 request corresponds to a registered information provider, that said 

29 information provider's public key is still valid, and verifying said infomnation 

30 provider'si signature contained in said certificate request using the 

31 information provider's public key; 

32 e) providing a certificate to the infomnation provider by the tmsted 

33 third party if the verifying step d) is passed, said certificate comprising a 



34 certificate body and a digital signature on the said certificate body under the 

35 trusted third party's private key based oh a predetemnined public key digital 

36 signature scheme, said certificate body includihg the trusted third party's 

37 identification fields for uniquely identifying the trusted third party, a time 

38 stamp indicating issue date, and s^id certificate request body; 

39 f) rejecting the certificate request if the verifying step d) is not 

40 passed; 

41 g) verifying said certificate from step e) by the information provider 



42 by verifying the identities of the information provider and the trusted third 

43 party contained in said certificate, yerlfying that the validity period has not 

44 elapsed, arid verifying said trusted third party's signature contained in said 

45 certificate using said trusted third party's public key; 

46 h) storing said certificate if the verifying step g) is passed; 

47 i) rejecting said certificate If the verifying step g) Is not passed; 
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48 j) accessing said certificate from step h) by an ©nd user before 

49 accessing any of said digital objects; 

50 k) verifying said certificate by the end user by verifying the 

51 identities of the information provider and the trusted third party contained in 

52 said certificate, verifying that the validity period has not elapsed, and verifying 

53 said trusted third partyls signature contained in said certificate using said 

54 trusted third party's public key; 

55 1) rejecting said certificate If the verifying step k) is not passed; 

56 "1) accessing a digital object from the distribution package if the 

57 verifying step k) is passed; 

58 n) corriputlng a digest as output of said predetermined secure 

59 one-way hash function with said accessed digital object from 

60 step m). as Input; 

S"" o) comparing said digest from step n) with the digest of the digital 

62 object from the object information fields in the certificate; , 

63 P) / rejecting said digital object If the two digests in step o) are 

64 not Identical; and 

55 q) accepting Sjaid digital object if the two digests in step o) are 

66 identical; 

67 whereby said trusted third party can authenticate all digital objects in 

68 the distribution package and issue a single certificate certifying all of said 

69 digital objects, and said end user can verify the trustworthiness of each of 

70 said digital objects In the. single certificate and access any of the digital 

71 objects in the distribution package abuser's discretion. 

V ■'9-. ^ system for dlssemin^tipn of digital objects over a transmission 

2 channel, said system Including at le^st one infpmiatlon provider, end user. 

3 and trusted third party, a computationally efficient method for providing 

4 trusted and dynamic dissemination of digital objects comprising the steps of: 
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5 a) registering the information provider with said trusted third party 

6 prior to distribution of any digital objects using a public key digital signature 

7 scheme, said scheme including an information provider's public key and 

8 private key, said public key being made known to the trusted third party in an 

9 authenticated rhariner and said private key being secretly known only to said 

10 infonmation provider, said private key being used by the infonmation provider 

1 1 to generate digital signature, said public key being used to verify said digital 

12 signature by the trusted third party; 

13 b) grouping digital objects into distribution packages by the 

14 information provider; 

15 cy providing a certificate recftiest by the information provider to the 

1 6 trusted third party, said certificate request including a certificate request body, 

17 an optional need-safety-checking objects field, and a digital signature on the 

1 8 certificate request body and the said need-safety-checking objects field 

1 9 under said information provider's private key based on the public key digital 

20 signature scheme, said certificiatd Vequesit^^ti^^ said information 

21 provider's identification fields for uniquely identifying the information 

22 provider; package identificatiort fields for uniquely identifying a distribution 

23 package, object information fields for uniquely identifying each of a plurality 

24 of digital objects in th^ distribution package, said object information fields 

25 including a digest, an object type indicator, and a safety-checking flag for 

26 each of said digital objects, said digest being computed ^s' an output of a 

27 predetermined secure one-way hash function with saib dbject as its input, 

28 said safety-checking flag taking two possible values corresponding to ON 

29 and OFF, said need-safety-chedking objects field containing objects whose 

30 safety needs to be checked by the trusted third party; 

31 d) verifying said certificate request by the trusted third party using 

32 predetermined criteria; 
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33 e) providing a certificate to the information provider by the trusted 

34 third party if the predetermined criteria in step d) are met, said certificate 

35 comprising a certificate body and a digital sigriature on the said certificate 

36 body under the trusted third party's private key based the predetermined 

37 public key digital signature scheme, said certificate body including the trusted 

38 third party's identification fields for uniquely identifying the trusted third party, 

39 : a time stamp indicating issue date, and said certificate request body; 

40 0 rejecting the certificate request if the predetermined criteria of 

41 step d) are not met: 

42 g) verifying said certificate from step e) by the information provider 

43 using predetermined criteria; 

.44 h) storing said certificate if said predetermined criteria in step g) 

45 are met; 

4S i) rejecting said certificate if said predetermined criteria in step g) 

47 are not met; 

48 1) accessing said, certificate from step h) by an end user before 

49 accessing any of said digital objects; 

50 k) verifying said certificate by the end user using predetemnined 

51 criteria; 

52 I) rejecting said certificate if said predetermined criteria in step k) 

53 are not met; 

54 m) accessing a digital object from the distribution package if the 

55 predetermined criteria in step k) are met; 

56 n) computing a digest as output of said predetermined secure. 

57 one-way hash function with said accessed digital object from step m) 

58 as input; 

59 o) comparing said digest from step n) with the digest of the digital 
SO object from the object information fields contained in the certificate and 
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61 checking if values of the object type indicator and safety-checking flag of said 

62 object are as required; 

63 p) rejecting said digital object if the two digests in step o) are not 

64 identical or if the values of the object type indicator and safety-checking flag 

65 of said object are hot as required; and 

66 q) accepting said digital object if the two digests in step o) are 

67 identical and if the values of the object type Indicator and safety-checkirig flag 

68 of said object are as required; . 

6g whereby said trusted third party can authenticate etll digital objects in 

70 the distribution package and issue a single certificate certifying all of said 

71 digital objects, and said end user can verify the trustworthiness of each of 

72 said digital objects in the singte Certificate and access any of the digital 

73 objects in the distribution package at user's discretion. 

1 11. The method as defined in claim 10, wherein said verification of a 

2 certificate-request by the trusted third party comprising the steps of : 

3 a) verifying that identity of inforrtlatiori ptdvlder contai 

4 certificate-request corresponds to a registered information provider and that 

5 said infomnation provider's public key is still vaiid; and 

6 b) verifying said information provider's signature contained in said 

7 certificate-requbst; artd 

8 c) computing a digest as output of a predetermined secure one-way 

9 hash function with said digital object as input for each object contained in the 

10 need-safety-checking-objects field; and 

11 d) S/erifying that said digest from step c) is identical to the corresponding 

1 2 digest contained in the object informatibh field! ^ * 

13 e) verifying the safety features of said object with predetermined 

14 procedures. 

1 12. The method as recited in claim 10, wherein said verification of a 

2 certificate by the information provider comprising the steps of: 
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3 a) checking the correctness of jdentities of information provider and 

4 trusted third party contained in said certificate; and 

5 b) verifying said trusted third part/s signature contained in said 

6 certificate. 

1 13. - The method as recited in claim 10, wherein said verification of a 

2 certificate by the end user comprising the steps of: 

3 a) checking the correctness of identities of inlonnation provider and 

4 trusted third party contained in said certificate; and 

5 . b) verifying said trusted third party's signature contained in said 

6 certificate. 

1 14. !n a system for. dissemination of digital objects over a transmission 

2 channel, said system including at least one infonmation provider, end user, 

3 and trusted third party, a computationally efficient method for providing 

4 trusted and dynamic dissemination of digital objects comprising the steps of: 

5 a) , registering the information provider with said trusted third party 

6 prior to distribution of any digital objects; 

7 b) grouping digital objects into distribution packages by the 

8 information, provider; 

9 c) providing a certificate request by the information provider to the 
to trusteid third party, said certificate ri^quest including a certificate request body 

11 and a field for verifying integrity of contents of said body, said body including 

12 inforrr^ation provider identification fields for providing information to uniquely 

13 identify the information provider, package identifying field for uniquely 

14 identifying a distribution package, object information fields for uniquely 

15 identifying each of a plurality of digital objects in the distribution package. 

16 said information fields including a digest of each of said digital objects, said 

17 digest being comppted as an output of a predetermined secure one-way 

18 hash function with said object as its Input; 
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19 ^ d) verifying said certificate request by the trustiBd third party using 

20 predetermined criteria; 

21 e) providing a^ certificate to the information provider by the trusted 

22 third party if the predetermined criteria in step d) are met, said certificate 

23 including a certificate body and a field for verifying integrity of contents of said 

24 body, said certificate body including a trusted third party's identification field 

25 for uniquely identifying the trusted third party, a time stiamp indicating issue 

26 date, and said certificate request body; 



27 f) rejecting the certificate request if the predetermined criteria of 

28 step d) are not met; ^ 

29 ' g) veififying saiid certificate from step 6) by the information provider 

30 using predetermined criteria; 

31 h) storing said certificate if said predetermined criteria in step g) 

32 are met; and 

33 ij rejecting said certificate if said predetermined criteria in step g) 

34 are not met; 

35 whereby said trusted third party can authenticate all digital objects.Mn 

36 the distribution package and issue a single certificate certifying all of said 

37 digital objects. 

1 15. In a system for dissemination of digital objects over a transmission 

2 channel, said system including at least one informalibn provider^, end user, 

3 and trusted third party, a computationally efficient method for providing 

4 trusted arid dynamic disseminatioh of digital objects comprising the steps of: 

5 a) registering the infonrnation provider with sa^^ 

6 prior to distribution of any digital objects using a public key digital signature 

7 scheme, said scheme including an infbrmatidh provider's public key and 

8 private key, said public key being made known tb the trusted third party in an 

9 authenticated manner and said private key being secretly known only to said 
1 0 information provider, said private key being used by the infomnation provider 
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1 1 to generate a digital signature, said public key being used to verify said 

1 2 digital signature by the trusted third party; 

13 b) grouping digital objects intp distribution packages by the 

1 4 information provider; 

15 c) providing a certificate request by the information provider to the 

1 6 trusted third party, said certificate request including a certificate request body 

17 and a digital signature on the said certificate request body under said 

1 8 information provider's private key based on the public key digital signature 

19 scheme, said certificate request body including said information provider's 

20 identification fields for uniquely identifying the information provider, package 

21 identification fields for uniquely identifying a distribution package, object 

22 information fields for uniquely identifying each of a plurality of digital objects 

23 in the distribution package, said object information fields including a digest of 

24 each of said digital objects, said digest being computed as the output of a 

25 predetermined secure one-way hash function with said object as its input; 
26. d) verifying said certificate request by the trusted third party using 

27 predetermined criteria; 

28 e) providing a certificate to the information provider by the trusted 

29 third party if the predeternriined criteria in step d) are rnet, said certificate 

30 comprising a certificate body and a digital signature on the said certificate 

31 body under the trusted third party's private key based on a predetermined 

32 public key digital signature scheme, said certificate body Including the trusted 

33 third party's identification fields for uniquely identifying the trusted third party, 

34 a time stamp indicating issue date, and said certificate request body; 

35 f) rejecting the certificate request if the predetermined criteria of 

36 step d) are not met; 

37 g) verifying said certificate from step e) by the information provider 

38 using predetermined criteria; 
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39 h) storing said certificate if said predetermined criteria in step g) 

40 are met; 

41 i) rejecting saiid certificate if said predetermined criteria in step g) 

42 are not met; 

43 whereby said trusted third party can authenticate all digital objects in 

44 the distribution package and issue a single certificate certifying all of said 

45 digitai objects. 

1 16. The method as defined in claim 15, wherein said verification of a 

2 certificate-request by the trusted third party comprising the steps of: 

3 a) verifying that identity of the information provider contained in said 

4 certificate-request corresponds to a registered information pirovider and that 

5 said infonmation provider*s public key is still valid; and 

6 bj verifyihg said information provider's signature contaiined in said 

7 certificate request using the information provider's public key^ 

1 17. The method as recited in claim 15, wherein said verification of a 

2 certificate by the information provider in step g) comprising the steps of: 

3 a) verifying the identity of the information provider and the trusted third 

4 party contained in said certificate; 

5 b) verifying that the validity period has not elapsed; arid 

6 c) verifying said trusted third party's signature contained in said certificate 

7 using said trusted third parf/s public key. 

1 18, In a system for dissemination of digital objects over a transmission 

2 channel, said system including at least one information provider, end user, 

3 and trusted third party, where the infomnation provider groups digital objects 

4 into distribution packages, and obtains a single certificate from the trusted 

5 third party for each of the distribution packages, said certificate containing 

6 information provider identification fields, package identifying field, object 

7 infomr^ation fields including a digest of each of said digital objects, identity of 

8 a trusted third party, a time stamp indicating issue date, said trusted third 
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9 partes digital signature on all of said fields, a computationally efficient 

1 0 method for providing tmsted and dynamic access of digital objects by the end 

1 1 user comprising the steps of: 

-1 2 a) accessing said certificate from the information provider before 

1 3 accessing any of said digital objects; 

14 b) verifying said certificate by the end user using predetermined 

1 5 criteria; 

1 5 c) rejecting said certificate if said predetermined criteria in step b) 

1 7 are not met; 

18 d) accessing a digital oDject from the distribution package if the 

1 9 predetermined criteria in step b) are met; 

20 e) computing a digest as output of said predetermined secure one- 

21 way function with said accessed digit&l object from step d) as input; 

22 f) comparing said digest from step e) with the digest of the digital 

23 object from the object information fields in the certificate; 

24 g) rejecting said digital object if the compared digests in step f) are 

25 not identical; and 

26 h) accepting said digital object if the compared digests in step f) 

27 are identical; 

28 whereby said end user can verify trustworthiness of each of said 

29 digital objects in the single certificate and access any of the digital objects in 

30 the distribution package at the user's discretion. 

1 19. The method as recited in claim 18, wherein said verification of a 

2 certificate by the end user comprising the steps of: 

3 a) checking the conrectness of identities of information provider and 

4 trusted third party contained in said certificate; and 

5 b) verifying said trusted third party's signature contained in said 

6 certificate. 
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